similar to: List of applied policy if 'apply group policies = yes'...

You guys mix to things. > AFAIK is the 'privileges' that are host-specific. Is correct. >the policies are on the domain (in the LDAP data, > the root DN, look at them!). Yes, but only the GPO policies and these are not applied to the samba server. And because of that, samba-tools password settings needs to be set on every DC. Greetz, Louis > -----Oorspronkelijk

On 01/10/2020 11:22, Remy Zandwijk wrote: > > >> On 1 Oct 2020, at 10:31, Rowland penny via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >> >> On 01/10/2020 00:23, Jason Keltz via samba wrote: >>> >>> Remy, >>> >>> On the domain controller (samba-ad-dc), I have in the config:

On 01/10/2020 00:23, Jason Keltz via samba wrote: > > Remy, > > On the domain controller (samba-ad-dc), I have in the config: kdc:user > ticket lifetime = 24 I do not recognise that smb.conf option, could this be another freebsd change that was never sent upstream or, if it was, it was rejected ? > > When I login to the client (which is using pam_winbind module), I have

Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add  > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn:

Mandi! Rowland penny via samba In chel di` si favelave... > Don't think that will work, unless you never turn the computer off or > restart Samba. > The problem isn't how often the cache gets updated, it is 'does the cache > exist' Ahem, sorry, no... i was not speaking 'now', but 'when bug 14074 get fixed'. So, supposing the bug that delete the

Mandi! Rowland penny via samba In chel di` si favelave... > Yes, somebody moved the cache to a different directory and it now gets wiped > every time Samba is restarted, we have a bug report for it:? > https://bugzilla.samba.org/show_bug.cgi?id=14074 Ok, thanks. I suppose that cache get controlled by: idmap cache time = 604800 winbind cache time = 300 so, for a portable system,

[It is more an AD question then a Samba question, but...] I need to do some LDAP query in an AD domain, plain LDAP query, mostly to query non-auth data (eg, emails). There's a DNS name that map to 'round robin the AD DC of the current site'? I need an 'A' record, not an SRV record, eg i need to put in my apps/MFP/... an LDAP server DNS name that round robin between the

I'm revising some docs, and i've returned on the 'offline logon' tema. Looking at: https://wiki.samba.org/index.php/PAM_Offline_Authentication and smb.conf manpage, it is clear that 'offline logon' is a pam/authentication only, does not involve NSS. Considering a 'full offline' DM client (supposing a portable), there's a 'winbind permanent nss

Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 . After some time (roughly: two weeks) my DC with FSMO roles (seems that other DC are unaffected) goes suddenly on trash: memory jump from 50% (3GB) to 100%, container start to swap and slow down (load 10-15) al the phisical server. A simple restart solve all the troubles. Some hint on how to debug that? Thanks. -- dott. Marco Gaiarin

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

I've read all docs on upgrades, from wiki to Louis notes, and i think i'm ready to upgrade. First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade in place. But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in one turn, and i'm think about something like: a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles b) then upgrade all DC in

Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-) I know i'm asking a rather hard thinks but... we are upgrading, but also solving some troubles. We have ''decently'' integrated some W10 1803 in a NT domain, but now with some other 1903 there's no way to make roaming profiles work. Looking at samba logs, seems that the client don't try at

Reding the thread in list about gluster, i've found that in your samba packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only the manpage. root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list /var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list

Sometimes (rarely, very rarely) i spot a <printername>.tdb error that seems to prevent the communication between samba and CUPS. In log i see: [2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log) tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096 the only solution i've found, pretty drastic, is: systemctl stop

[ I've just asked abut that, here, but now seems a simpler things, so i retry... ] This seems NON a samba touble, but a different behaviour in M$ client OS. But, really, i've not clue how to find an answer... Suppose to have a Win7 and a Win10 machine, both NOT joined to a domain. Suppose to have a share, with guest access enabled, where only readonly access are needed. Suppose also

Mandi! Rowland penny via samba In chel di` si favelave... > > Considering a 'full offline' DM client (supposing a portable), there's > > a 'winbind permanent nss cache' or a general nss cache (like > > nss-updatedb): > > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. > No, you cannot use

Some month ago a local branch office closed; the local branch had a DC, that i've simply removed the dc with: samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio (see https://lists.samba.org/archive/samba/2019-February/221195.html) But this leave some old DNS records, eg: root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed

Yesterday, after a long run, i've finally upgraded my DCs to stretch/samba4.9, using Louis repos. Hurrah! ;-) Looking forward, eg: http://apt.van-belle.nl/debian/dists/ seems to me that i can advance to 4.10 in stretch, but to go further i need buster (probably because of python deps, right?). Louis, i think we need a matrix of debian-samba compatibility... ;-) -- dott. Marco Gaiarin

Mandi! Rowland Penny via samba In chel di` si favelave... > samba-tool domain passwordsettings set --complexity=off Ahem, i've typed '--comploxity'... sorry... OK, option is available in samba-tool in 4.2, but does not seems to work: root at lupus:~# samba-tool domain passwordsettings set --complexity=off Password complexity deactivated! All changes applied successfully!

Happy new year to the list! I'm using Debian wheezy, standard Samba packages, version 2:3.6.6-6+deb7u4. I've hit bug #8744 https://bugzilla.samba.org/show_bug.cgi?id=8744 (referenced in debian BTS as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658707) that prevent me to use machine account auth; i'm using it with freeradius, to automatically connect some wireless clients.